An amazing place! That’s the internet. Everyone can share and find almost anything on the web. However, do you realize that the more information we share on the web, the more anyone can know about us? We used to ask the person if we would like to know more about him/her, but today there’s no need to do that. Browse the web and you can learn anything about the person there. With the right tools, anyone can get into your most private information, including social security numbers, financial records, banking transactions, address, email address, phone number, credit card number, credit reports, and many things else. Everything you used to believe about the internet is now gone, thanks to the privacy hijacking.
The worst part is our governments. They believe they’ve right to know everything about us. The reason is simply because we’re their citizens. “In order to protect us from harm and the country from crime,” they hold the right to keep their eyes on us. They believe there’s no privacy, compared to “national security.”
But, let me ask you. Do you still believe we need our privacy back? Do you believe our governments should keep their eyes from our life?
If so, then you need to learn how to protect yourself. We need the best defense against online surveillance, which will keep us anonymous on the web. Till then, not even our governments can track our digital footprints and use it as they want.
What’s the Best Privacy Protection We Have?
Everything that NSA did (or have been doing) to us have changed our mind about our privacy. Before the outbreak, most security experts recommended the Diffie-Hellman cryptographic key exchange. It is, as they believed, the best “counter agent” against privacy hijacking. But now, it seems they’ve changed their mind. It appears that the key exchange is not the best solution at all. There’s a serious flaw inside the system that NSA can use to break even the most secured connection in the world.
So, that key exchange was used to be our best defense. Then, how come it doesn’t work anymore? How serious the flaw? Well, when it comes to security system, even a tiniest flaw can lead to a privacy disaster. In this key exchange, for example, the flaw comes from a single prime number in the system.
The question is: if that’s supposed to be the world’s #1 security system, isn’t it supposed to be 100% safe?
We hope so. Crafted by the best in security, the system was expected to deliver the best security solution. However, just like any other machine, there’s no such thing as 100% flawless. Not even close. Even the world’s best machine has a flaw. It’s finding the flaw that matters. In this case, there are other dedicated experts in NSA who spend their time looking for any flaw that would help them hijack our privacy. But, not everything went smoothly. Even NSA should spend a year and few hundred million dollars to finally find the flaw. A whole year and massive budget to find the fact that the whole system lies on a single prime number. Any prime number is enough to fool the system. A prime number can get into our privacy. Cracking a prime number allows them to pass through all security measures. If that’s not bad enough, cracking the number also gets them access to every information available on the web. With this prime number, NSA can bring catastrophe to anyone anywhere around the world.
Still wondering how serious the damage is?
More than 50 – 60% of websites around the globe use the same prime number. It’s used not only to build the websites, but also the security system. So, by cracking a common 1024-bit prime number would help NSA to secretly decrypt at least 2/3 of VPN connections and 25% of SSH connection. Get another prime number and NSA can break into 20% of the world’s HTTPS websites. That’s quite a lot for hijacking our privacy.
It might take a year and hundreds million of dollars to find the hole, but the whole investment is worthless when you compare to the impact: global control.
The world’s most secured system was turned upside down. Since NSA is none other than government-back organization, then there is only one possible theory for this mystery: the government itself. They put every dedicated security expert in their field to find weak spots of any technology in the world, so they can crack their way into those systems. Everyone knows NSA capabilities of hijacking everyone’s privacy.
NSA documents leaked by Edward Snowden, for example, showed NSA amazing capabilities in monitoring encrypted connections (such as VPN), transmitting intercepted data to their supercomputers, then cracking the prime number required to crack the encrypted communications.
Only a ‘well-designed’ system can crack into the world’s best security system. The worst news is NSA has it. Their system is not just well designed, but also was born to meet that goal. It is carefully engineered to do one job. It should help NSA to crack and/or infiltrate to any system in the world. Not even the Diffie-Hellman cryptographic key exchange should escape. However, like any other machine, the system isn’t flawless. Everything it collects to attack Diffie-Hellman can only be used once. It will turn useless against AES or other types of symmetric crypto. The documents also mentioned other techniques NSA deploy, including hardware and software ‘implants.’ These methods also help NSA cracking their way into systems, but only poorly secured ones. So, if you want to know how far NSA capabilities are, these methods won’t help you. NSA are far more capable than attacking poorly secured systems. NSA is born to get your privacy.
A weakness inside the Diffie-Hellman Downgrade Allows Cyber Crimes to Intercept Secured Data
The attack was worst than serious. This Logjam attack only took 14 days to generate data to begin the attack. Two prime numbers were attacked, the ones 512-bit Diffie-Hellman key exchange deploys to negotiate all its ephemeral keys. There were just two numbers, but the impact is worldwide. More than 8% of the world’s top 1 million domains and 3.3% of HTTPS websites were affected. Thanks to the attack, everything we used to know about secured connection, is no more. Not even e-mail servers. Providers with simple mail transfer protocol suffered the most. Around 8 – 14% of each service (secure POP3, IMAP, and StartTLS) were hacked. To exploit your secured connections, cyber crimes used a particular algorithm. The number field sieve was used to precompute data. Once done, they can attack any secured connections in the world. You might not realize it, but you’re not the only one who knows your emails. Everything we know about freedom, is no more. Perhaps.
The damage is extensive, but it’s supposed to not exist. It’s mostly our failure that make the damage. The Logjam weakness was a fruit of our own mistake. In 1990, the US government mandated an export restrictions on softwares developed by US developers. Thanks to this restriction, FBI, NSA, CIA and other US agencies can break any encryption foreign entities use. It only took five months to apply the new law nationwide. Until then, popular server apps, VPNs, and browsers had removed support for the 512-bit Diffie-Hellman key exchange. It was a good decision, though. Thanks to it, we had reduced 50% of the flaw. The another half is still out there. The 1024-bit key exchange is still haunting us. Perhaps, in the future, it will be the one that hijacks our privacy.
Our security experts finally arrived at this conclusion in May, but perhaps it’s too late. The NSA have probably reached the same conclusion long before them. With their resources, NSA can decrypt any connection in the future. Nothing and no one can escape when that happens. Privacy would become our best online treasure then.
Diffie-Hellman is a breakthrough. There’s no doubt for it. The way it lets two parties negotiate an ultimate key is amazing. Plus, it’s done through an unsecured communication. There’s supposed to be everyone on that channel, including hackers. However, with the latest 1024-bit technology, the risk was reduced to dust. Everyone was supposed to be safe, until the crack was found. A single prime number. That’s what a cracker needs to hijack our privacy. NSA, FBI, and CIA may be even watching you now. Everything we used to know about a safe internet, perhaps no longer exist.
Should you stop using the internet?
Please, don’t. The internet is a wonderful place to find, share, and grow. The world might have lost its supposed-to-be excellent defense against privacy hijack. However, that doesn’t mean we can create a new one. If the NSA cracked our 1024-bit protection, why don’t we use thee 2048-bit? That one offers double protection to our privacy.
So, the question now is: where can you find out.
That’s the right question. With the recent privacy outbreaks, it’s almost difficult to find the real solution. Lucky for you, that solution is not too far from you. It’s near you. In fact, you are looking at it.
No, we are not talking about this post. We are talking about something bigger. We are talking about VPN Asia.
What Can VPN Asia Do for YOU?
We are the world’s #1 non-logging VPN provider. We don’t make this title. We earn it.
Advanced protection from malicious scripts.
Unblocking geo-restricted contents.
We don’t keep your user logs.
Everything you dream of a perfect, free internet, we can give it to you. Everything, without exception. You may ask, does our service got affected by the crack?
We believe it’s not. People don’t name us the best non-logging VPN service for nothing. We deploy the world’s best and latest security measure. Our goal is clear: to give you the best protection. You won’t be protected with the 1024-bit Diffie-Hellman key exchange. We don’t give you that. What we give is the best security system the world knows.
What’s that? The 2048.